Since we decoupled the frontend from the backend we need to consider CORS headers configs. Running web servers is not my expertise so it would be great to hear peoples general opinions on this when dealing with frontend applications making XMLHttpRequests (or Fetch) directly to a service.
I guess this is also somewhat related to authentication of the app in general but another topic.
Since we decoupled the frontend from the backend we need to consider CORS headers configs. Running web servers is not my expertise so it would be great to hear peoples general opinions on this when dealing with frontend applications making XMLHttpRequests (or Fetch) directly to a service.
I guess this is also somewhat related to authentication of the app in general but another topic.
So instead of
same-origin
we could: